Strategies to Cut Costs and Improve Cybersecurity

PB 25 Rockwell newlogo 400

June 18, 2021

By Nir Sasson, Network Security Consultant, Avnet, a Rockwell Automation company

Cybersecurity costs businesses a lot of money – and with no measurable monetary income as a result. That leaves executives and board members scratching their heads and wondering: “Why are we spending so much on this? Why do we need to employ expensive professionals to manage and operate cybersecurity?” Often leading them to ponder, “We know cybersecurity is important, but how do we determine the right level of investment?”

We’ve developed a list of three strategies you can use to maintain good cybersecurity hygiene, while still managing costs.  

#1. Manage to the Exception

Managing to the exception is the principle that will allow your organization to maintain a proper cybersecurity defense. It means starting from the worst-case scenario, or the exception to the status quo, and working backward to create your strategy from there.

Take the example of password management. Organizations using the username and password authentication method to verify their legitimate computer users must also provide a mechanism to help validate users who are having a problem. For example, they may have mistyped the password, are locked, and can’t log in to the system.

The ideal strategy starts with focusing on the small percentage of people who will forget their username or password – the exceptions. With the exception identified, the organization can plan and implement special measures to deal with the uncommon cases when the self-management process failed.

The next step is looking at what the solution is and figuring out if it can be automated, which leads us to our next strategy.

#2. Automation: Transfer Tasks, That do not Require Human Judgment, to a Machine

Knowing when to utilize automation can save companies a significant amount of money. Look for tasks that don’t require human judgment. Tasks like granting permissions to users who meet certain standards or automatic alerts when they meet pre-defined rules.

Going back to our password-management example, we have now determined that we need to deal with users who get locked out. Typically, how is a user unlocked? He calls the help desk. The operator at the desk helps identify the user who phoned him as a condition for providing the password reset service, asking a series of security questions.  

This process can be transferred to an application, doing precisely the same thing. Instead of a human operator, a machine can check the correctness of the user’s answers and reset the password for him.

With one fix, we can dramatically reduce costs and the organization still has strong authentication systems in place.

#3. Know When to Outsource and When to Keep it Internal

Your organization most likely creates and stores vital information that, if exposed to an unauthorized entity, could result in an unbearable impact on your business. While important to protect, you most likely aren’t able to spend all your time on that one task – there is still the day-to-day, essential work that it takes to maintain the company.

If you do not possess the in-house capabilities required to gain and keep a good cybersecurity posture, the solution is not to give up on it entirely or to make compromises. That is when you should bring in an outside source to help.

Rockwell Automation LifecycleIQ Services works with organizations across a wide range of industries to take a proactive approach to cybersecurity. Our threat detection services can help you monitor and detect increasingly complex threats. We work closely with partners to provide comprehensive cybersecurity solutions to manage the operation of network security devices and applications, such as firewalls, intrusion prevention/detection, etc.

Cyber defense costs money, but it is possible to reduce the costs without compromising cybersecurity, and maybe even improve your defense.

Source

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    November 19, 2024 Relays serve as the backbone of industrial control systems, enabling the control of high-power circuits using low-power signals. Understanding different relay contact configurations is crucial for designing effective control systems. Let’s explore the various types of relay contacts and their applications in industrial automation. Basic Contact Types and Their Applications The foundation of… Read More…

  • Training Courses on Plant and Machinery Safety from Pilz

    November 19, 2024 Plant safety is vitally important for the safe operation of technical plants. As a machine manufacturer or operator you are legally obliged to ensure the safety of plant, machinery and devices. Training courses teaches you to identify risks and avoid accidents. Further training for safety officers and employees is the key to success here. With this knowledge… Read More…